Server in DMZ

logintck
Level 1

Hi, I am a beginner with ASA (8.0). I set up an ASA for a device upgrade. I want to set up servers in the DMZ. Unfortunately, I found that I can't access the server (in the DMZ) from the inside interface, for example, web access or ping test.

I have been checking it for a long time and added the following commands, but the problem still exists.

#access-list DMZ_access_in extended permit ip 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

#access-group DMZ_access_in in interface DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

Can anyone give me some help?

I have attached my config.

5 Replies

logintck
Level 1

This should do the trick

access-list DMZ_access_in extended permit icmp 192.168.89.0 255.255.255.0 192.168.88.0 255.255.255.0

access-group DMZ_access_in in interface DMZ

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

You don't need to permit ip in the acl for traffic originating from the inside.

Jesse Wiener
Level 4

I do not see the static in the config that you sent, but the one in your post has the wrong IPs.

Should be static (inside,DMZ) 192.168.88.0 192.168.89.0 netmask 255.255.255.0

static (inside,DMZ) 192.168.88.0 192.168.88.0 netmask 255.255.255.0

will work fine.

Thank you, all of you. I fixed the issue according to the recommendation.
